SYSTEMS AND METHODS TO DETECT AND RESPOND TO DISTRIBUTED DENIAL OF SERVICE (DDoS) ATTACKS
US-2015033335-A1 · Jan 29, 2015 · US
Detecting attacks using handshake requests systems and methods
US11019100B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11019100-B2 |
| Application number | US-201816207423-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 3, 2018 |
| Priority date | Dec 3, 2018 |
| Publication date | May 25, 2021 |
| Grant date | May 25, 2021 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Systems and methods for detecting attacks using a handshake request are provided. A plurality of devices can receive a plurality of handshake requests to establish TLS connections that include a respective application request. At least one of the plurality of handshake requests can include a first application request. The plurality of devices can record each of the respective application requests to a registry of application requests. A first device of the plurality of devices can receive a subsequent handshake request to establish a subsequent TLS connection that includes the first application request. The first device can query, prior to accepting the first application request, the registry for the first application request. The first device can determine whether to accept or reject the first application request responsive to identifying from the query that the first application request has not been or has been recorded in the registry.
First claim
Opening claim text (preview).
What is claimed is: 1. A method for detecting attacks using a handshake request comprising an application request, the method comprising: (a) receiving, by a plurality of devices, a plurality of handshake requests to establish a respective transport layer security (TLS) connection to at least one device of the plurality of devices, each of the plurality of handshake requests include a respective application request, and one of the plurality of handshake requests comprising a first application request to establish a connection to an application server; (b) recording, by the plurality of devices, each of the respective application requests of the plurality of handshake requests to a registry of application requests; (c) receiving, by a first device of the plurality of devices, a subsequent handshake request to establish a subsequent TLS connection that includes the first application request to establish the connection to the application server; (d) querying, by the first device prior to accepting the first application request, the registry for the first application request; and (e) determining, by the first device, to reject the first application request responsive to identifying from the query that the first application request has been recorded in the registry. 2. The method of claim 1 , further comprising dropping the application request by the first device responsive to the determination but accepting a TLS connection request included in the subsequent handshake request. 3. The method of claim 1 , wherein (a) further comprises establishing the respective TLS connection of each of the plurality of handshake requests by one or more of the plurality of devices. 4. The method of claim 1 , wherein the plurality of devices are intermediary to a plurality of clients and a plurality of servers. 5. The method of claim 1 , further comprising selecting, using a mapping function, for each of the plurality of handshake requests a device from the plurality of devices for storing the respective application request to the registry. 6. The method of claim 1 , wherein each of the plurality of devices stores a portion of the registry. 7. The method of claim 1 , wherein (d) further comprises determining, by the first device, which of the plurality of devices is to store the first application request in the registry. 8. The method of claim 1 , wherein (e) further comprises maintaining the recordation of the first application request in the registry until an expiration period. 9. The method of claim 1 , further comprising receiving, by a second device of the plurality of devices, a second subsequent handshake request to establish a second subsequent TLS connection that includes a second application request and querying, by the second device prior to accepting the second application request, the registry for the second application request. 10. The method of claim 9 , further comprising determining, by the second device, to accept the second application request responsive to identifying from the query that the second application request has not been recorded in the registry, and accepting a TLS connection request included in the second subsequent handshake request. 11. A system for detecting attacks using a handshake request comprising an application request, the system comprising: a plurality of computers configured to receive a plurality of handshake requests to establish a respective transport layer security (TLS) connection to at least one computer of the plurality of computers, each of the plurality of handshake requests include a respective application request, and one of the plurality of handshake requests comprising a first application request to establish a connection to an application server; wherein one or more of the plurality of computers are configured to record each of the respective application requests of the plurality of handshake requests to a registry of application requests; wherein a first computer of the plurality of computers is configured to: receive a subsequent handshake request to establish a subsequent TLS connection that includes the first application request to establish the connection to the application server; query prior to accepting the first application request, the registry for the first application request; and determine to reject the first application request responsive to identifying from the query that the first application request has been recorded in the registry. 12. The system of claim 11 , further comprising dropping the first application request by the first computer responsive to the determination but accepting a TLS connection request included in the subsequent handshake request. 13. The system of claim 11 , wherein the respective TLS connection of each of the plurality of handshakes are established by one or more of the plurality of computers. 14. The system of claim 11 , wherein the plurality of computers are intermediary to a plurality of clients and a plurality of servers. 15. The system of claim 11 , wherein a computer from the plurality of computers is selected, using a mapping function, for storing to the registry the respective application request for each of the plurality of handshake requests. 16. The system of claim 11 , wherein each of the plurality of computers stores a portion of the registry. 17. The system of claim 11 , wherein the first computer is further configured to determine which of the plurality of computers is to store the first application request in the registry. 18. The system of claim 11 , wherein the recordation of the first application request is maintained in the registry until an expiration period. 19. The system of claim 11 , wherein a second computer of the plurality of computers is configured to receive a second handshake request to establish a second subsequent TLS connection that includes a second application request and query, prior to accepting the second application request, the registry for the second application request. 20. The system of claim 19 , wherein the second computer is further configured to accept the second application request responsive to identifying from the query that the second application request has not been recorded in the registry, and accept a TLS connection request included in the second handshake request.
Assignees
Inventors
Classifications
Routing a service request depending on the request content or context · CPC title
the source of the received data · CPC title
Filtering policies (mail message filtering H04L51/212) · CPC title
Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title
Event detection, e.g. attack signature detection · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11019100B2 cover?
- Systems and methods for detecting attacks using a handshake request are provided. A plurality of devices can receive a plurality of handshake requests to establish TLS connections that include a respective application request. At least one of the plurality of handshake requests can include a first application request. The plurality of devices can record each of the respective application reques…
- Who is the assignee on this patent?
- Citrix Systems Inc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/166. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue May 25 2021 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).